/*
 * Copyright 2012-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.boot.autoconfigure.security.saml2;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.core.io.Resource;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;

/**
 * SAML2 依赖方属性。
 *
 * @author Madhura Bhave
 * @author Phillip Webb
 * @author Moritz Halbritter
 * @since 2.2.0
 */
@ConfigurationProperties("spring.security.saml2.relyingparty")
public class Saml2RelyingPartyProperties {

	/**
	 * SAML2 依赖方注册信息。
	 */
	private final Map<String, Registration> registration = new LinkedHashMap<>();

	public Map<String, Registration> getRegistration() {
		return this.registration;
	}

	/**
	 * 表示一个 SAML 依赖方。
	 */
	public static class Registration {

		/**
		 * 依赖方的实体 ID。该值可以包含多个占位符，
		 * 例如 "baseUrl"、"registrationId"、"baseScheme"、"baseHost" 和 "basePort"。
		 */
		private String entityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";

		/**
		 * 断言消费者服务（Assertion Consumer Service）。
		 */
		private final Acs acs = new Acs();

		private final Signing signing = new Signing();

		private final Decryption decryption = new Decryption();

		private final Singlelogout singlelogout = new Singlelogout();

		/**
		 * 远程 SAML 身份提供者。
		 */
		private final AssertingParty assertingparty = new AssertingParty();

		/**
		 * 远程 SAML 身份提供者。
		 * @deprecated 请使用 {@link #assertingparty} 替代
		 */
		@Deprecated
		private final AssertingParty identityprovider = new AssertingParty();

		public String getEntityId() {
			return this.entityId;
		}

		public void setEntityId(String entityId) {
			this.entityId = entityId;
		}

		public Acs getAcs() {
			return this.acs;
		}

		public Signing getSigning() {
			return this.signing;
		}

		public Decryption getDecryption() {
			return this.decryption;
		}

		public AssertingParty getAssertingparty() {
			return this.assertingparty;
		}

		/**
		 * 远程 SAML 身份提供者。
		 * @return 远程 SAML 身份提供者
		 * @deprecated 请使用 {@link #getAssertingparty()} 方法代替
		 */
		@Deprecated
		public AssertingParty getIdentityprovider() {
			return this.identityprovider;
		}

		public Singlelogout getSinglelogout() {
			return this.singlelogout;
		}

		public static class Acs {

			/**
			 * Assertion Consumer Service（断言消费者服务）的位置模板。可以基于变量
			 * "baseUrl"、"registrationId"、"baseScheme"、"baseHost" 和 "basePort" 生成其位置。
			 */
			private String location = "{baseUrl}/login/saml2/sso/{registrationId}";

			/**
			 * Assertion Consumer Service 绑定方式。
			 */
			private Saml2MessageBinding binding = Saml2MessageBinding.POST;

			public String getLocation() {
				return this.location;
			}

			public void setLocation(String location) {
				this.location = location;
			}

			public Saml2MessageBinding getBinding() {
				return this.binding;
			}

			public void setBinding(Saml2MessageBinding binding) {
				this.binding = binding;
			}

		}

		public static class Signing {

			/**
			 * 用于签署 SAML 认证请求的凭证列表。
			 */
			private List<Credential> credentials = new ArrayList<>();

			public List<Credential> getCredentials() {
				return this.credentials;
			}

			public void setCredentials(List<Credential> credentials) {
				this.credentials = credentials;
			}

			public static class Credential {

				/**
				 * 用于签名的私钥。
				 */
				private Resource privateKeyLocation;

				/**
				 * 与身份提供者共享的 Relying Party X509 证书。
				 */
				private Resource certificateLocation;

				public Resource getPrivateKeyLocation() {
					return this.privateKeyLocation;
				}

				public void setPrivateKeyLocation(Resource privateKey) {
					this.privateKeyLocation = privateKey;
				}

				public Resource getCertificateLocation() {
					return this.certificateLocation;
				}

				public void setCertificateLocation(Resource certificate) {
					this.certificateLocation = certificate;
				}

			}

		}

	}

	public static class Decryption {

		/**
		 * 用于解密SAML身份验证请求的凭据。
		 */
		private List<Credential> credentials = new ArrayList<>();

		public List<Credential> getCredentials() {
			return this.credentials;
		}

		public void setCredentials(List<Credential> credentials) {
			this.credentials = credentials;
		}

		public static class Credential {

			/**
			 * 用于解密的私钥。
			 */
			private Resource privateKeyLocation;

			/**
			 * 与身份提供者共享的 Relying Party X509 证书。
			 */
			private Resource certificateLocation;

			public Resource getPrivateKeyLocation() {
				return this.privateKeyLocation;
			}

			public void setPrivateKeyLocation(Resource privateKey) {
				this.privateKeyLocation = privateKey;
			}

			public Resource getCertificateLocation() {
				return this.certificateLocation;
			}

			public void setCertificateLocation(Resource certificate) {
				this.certificateLocation = certificate;
			}

		}

	}

	/**
	 * 表示一个远程身份提供者。
	 */
	public static class AssertingParty {

		/**
		 * 身份提供者的唯一标识符。
		 */
		private String entityId;

		/**
		 * 用于基于发现配置的元数据端点 URI。
		 */
		private String metadataUri;

		private final Singlesignon singlesignon = new Singlesignon();

		private final Verification verification = new Verification();

		private final Singlelogout singlelogout = new Singlelogout();

		public String getEntityId() {
			return this.entityId;
		}

		public void setEntityId(String entityId) {
			this.entityId = entityId;
		}

		public String getMetadataUri() {
			return this.metadataUri;
		}

		public void setMetadataUri(String metadataUri) {
			this.metadataUri = metadataUri;
		}

		public Singlesignon getSinglesignon() {
			return this.singlesignon;
		}

		public Verification getVerification() {
			return this.verification;
		}

		public Singlelogout getSinglelogout() {
			return this.singlelogout;
		}

		/**
		 * 身份提供者的单点登录详情。
		 */
		public static class Singlesignon {

			/**
			 * 发送身份验证请求的远程端点地址。
			 */
			private String url;

			/**
			 * 身份验证请求是使用重定向还是 POST 方式。
			 */
			private Saml2MessageBinding binding;

			/**
			 * 是否对身份验证请求进行签名。
			 */
			private Boolean signRequest;

			public String getUrl() {
				return this.url;
			}

			public void setUrl(String url) {
				this.url = url;
			}

			public Saml2MessageBinding getBinding() {
				return this.binding;
			}

			public void setBinding(Saml2MessageBinding binding) {
				this.binding = binding;
			}

			public boolean isSignRequest() {
				return this.signRequest;
			}

			public Boolean getSignRequest() {
				return this.signRequest;
			}

			public void setSignRequest(Boolean signRequest) {
				this.signRequest = signRequest;
			}

		}

		/**
		 * 身份提供者的验证详情。
		 */
		public static class Verification {

			/**
			 * 用于验证传入 SAML 消息的凭证列表。
			 */
			private List<Credential> credentials = new ArrayList<>();

			public List<Credential> getCredentials() {
				return this.credentials;
			}

			public void setCredentials(List<Credential> credentials) {
				this.credentials = credentials;
			}

			public static class Credential {

				/**
				 * 用于验证传入 SAML 消息的 X.509 证书的位置。
				 */
				private Resource certificate;

				public Resource getCertificateLocation() {
					return this.certificate;
				}

				public void setCertificateLocation(Resource certificate) {
					this.certificate = certificate;
				}

			}

		}

	}

	/**
	 * 单点注销相关详情。
	 */
	public static class Singlelogout {

		/**
		 * 发送 SAML2 LogoutRequest 的地址。
		 */
		private String url;

		/**
		 * 发送 SAML2 LogoutResponse 的地址。
		 */
		private String responseUrl;

		/**
		 * 注销请求是使用重定向还是 POST 方式。
		 */
		private Saml2MessageBinding binding;

		public String getUrl() {
			return this.url;
		}

		public void setUrl(String url) {
			this.url = url;
		}

		public String getResponseUrl() {
			return this.responseUrl;
		}

		public void setResponseUrl(String responseUrl) {
			this.responseUrl = responseUrl;
		}

		public Saml2MessageBinding getBinding() {
			return this.binding;
		}

		public void setBinding(Saml2MessageBinding binding) {
			this.binding = binding;
		}

	}

}
